Privacy protection method for fog-assisted industrial Internet of things

Document No.: 1478690. Publication date: 2020-02-25.

Reading note: This technology, "Privacy protection method for fog-assisted industrial Internet of things" (一种雾协助工业物联网的隐私保护方法), was designed by 陈思光, 李雅兰, 王晓玲, 杨丽 and 王堃 on 2019-11-14. Main content: The invention discloses a privacy protection method for a fog-assisted industrial Internet of things, belonging to the field of computer network security and comprising the following steps: initializing the fog-assisted industrial Internet of things system; encrypting the data acquired by a sensing layer device and transmitting the resulting sensing layer ciphertext $c_{ij,\tau}$ to the fog node corresponding to the sub-region to which the device belongs; after receiving the sensing layer ciphertexts $c_{ij,\tau}$, the fog node aggregates them to obtain a sub-region aggregate ciphertext $C_{i,\tau}$ and transmits $C_{i,\tau}$ to the industrial cloud; after receiving the sub-region aggregate ciphertexts $C_{i,\tau}$, the industrial cloud aggregates them a second time to obtain a global aggregate ciphertext $C_{\tau}$ and decrypts it; from the decrypted global aggregate ciphertext, the statistical sum $D_{i,\tau}$ of each sub-region, the corresponding mean $E_{i,\tau}$ of each sub-region, the global statistical sum $D_{\tau}$ of the k sub-regions and the corresponding mean $E_{\tau}$ of the k sub-regions are obtained. The invention can provide privacy protection for data transmission in the Internet of things and can provide coarse-grained and fine-grained services at the same time.

1. A privacy protection method of a fog-assisted industrial Internet of things is characterized by comprising the following steps:

initializing the fog-assisted industrial Internet of things system;

encrypting the data acquired by a sensing layer device, and transmitting the resulting sensing layer ciphertext $c_{ij,\tau}$ to the fog node corresponding to the sub-region to which the sensing layer device belongs;

after receiving the sensing layer ciphertexts $c_{ij,\tau}$, the fog node aggregates them to obtain a sub-region aggregate ciphertext $C_{i,\tau}$ and transmits $C_{i,\tau}$ to the industrial cloud;

after receiving the sub-region aggregate ciphertexts $C_{i,\tau}$, the industrial cloud aggregates them a second time to obtain a global aggregate ciphertext $C_{\tau}$ and decrypts it;

obtaining, from the decrypted global aggregate ciphertext, the statistical sum $D_{i,\tau}$ of each sub-region, the corresponding mean $E_{i,\tau}$ of each sub-region, the global statistical sum $D_{\tau}$ of the k sub-regions and the corresponding mean $E_{\tau}$ of the k sub-regions.

2. The privacy protection method of the fog-assisted industrial Internet of things as claimed in claim 1, wherein: the sensing layer ciphertext $c_{ij,\tau}$ is calculated from equation (1):

Figure FDA0002273328050000011

wherein N is the homomorphic encryption public key, $m'_{ij,\tau} = m_{ij,\tau} \cdot a_i$, $m_{ij,\tau}$ is the raw sensing data collected by sensing device $IID_{ij}$ at time $t_\tau$, $a_i$ is the coefficient of sub-region $A_i$, $s_{ij}$ is the secret key of sensing device $IID_{ij}$, and $h(t_\tau)$ is the hash value computed with $t_\tau$ as the input to the hash function h,

Figure FDA0002273328050000012

3. The privacy protection method of the fog-assisted industrial Internet of things as claimed in claim 1, wherein: the method further comprises, when the sensing layer ciphertext $c_{ij,\tau}$ is obtained, computing the current hash chain value $H_{ij,\tau}$ of the sensing layer ciphertext $c_{ij,\tau}$ and transmitting the hash chain value $H_{ij,\tau}$ to the fog node, the hash chain value $H_{ij,\tau}$ being used by the fog node to verify the integrity of the sensing layer ciphertext $c_{ij,\tau}$.

4. The privacy protection method of the fog-assisted industrial Internet of things as claimed in claim 3, wherein: the integrity verification of the sensing layer ciphertext $c_{ij,\tau}$ by the fog node comprises the steps of:

the fog node computes a hash chain value $H'_{ij,\tau}$ for verification based on the sensing layer ciphertext $c_{ij,\tau}$;

checking whether the equation $H'_{ij,\tau} = H_{ij,\tau}$ holds; if it holds, the sensing layer ciphertext $c_{ij,\tau}$ is complete.

5. The privacy protection method of the fog-assisted industrial Internet of things as claimed in claim 1, wherein: the method further comprises, after the sub-region aggregate ciphertext $C_{i,\tau}$ is obtained, computing the verification code $H_{i,\tau}$ corresponding to the sub-region aggregate ciphertext $C_{i,\tau}$ and transmitting the verification code $H_{i,\tau}$ to the industrial cloud, the verification code $H_{i,\tau}$ being used by the industrial cloud to verify the integrity of the sub-region aggregate ciphertext $C_{i,\tau}$.

6. The privacy protection method of the fog-assisted industrial Internet of things as claimed in claim 1, wherein: the sub-region aggregate ciphertext $C_{i,\tau}$ is calculated from equation (2):

Figure FDA0002273328050000021

wherein $m'_{ij,\tau} = m_{ij,\tau} \cdot a_i$, $m_{ij,\tau}$ is the raw sensing data collected at time $t_\tau$, $a_i$ is the coefficient of sub-region $A_i$, n is the number of sensing devices accommodated in the sub-region $A_i$ governed by fog node $fog_i$, $h(t_\tau)$ is the hash value computed with $t_\tau$ as the input to the hash function h, is the sum of the secret keys of the n sensing devices in sub-region $A_i$, and N is the homomorphic encryption public key.

7. The privacy protection method of the fog-assisted industrial Internet of things as claimed in claim 1, wherein: the global aggregate ciphertext $C_{\tau}$ is calculated from equation (3):

wherein is the sum of the $m'_{ij,\tau}$ corresponding to the data of the k × n sensing devices,

Figure FDA0002273328050000034

8. The privacy protection method of the fog-assisted industrial Internet of things as claimed in claim 1, wherein: decrypting the sub-region aggregate ciphertext $C_{i,\tau}$ includes the steps of:

using the industrial cloud key $s_0$ to simplify and decrypt the global aggregate ciphertext $C_{\tau}$ to obtain a pseudo-global aggregate value W, wherein the pseudo-global aggregate value W is calculated according to formula (4):

wherein $a_i$ is the coefficient of sub-region $A_i$, $m_{ij,\tau}$ is the raw sensing data collected by sensing device $IID_{ij}$ at time $t_\tau$, 1 ≤ i ≤ k, 1 ≤ j ≤ n, k is the number of sub-regions of the sensing layer, and n is the number of sensing devices accommodated in the sub-region $A_i$ governed by fog node $fog_i$.

9. The privacy protection method of the fog-assisted industrial Internet of things as claimed in claim 1, wherein: the statistical sum $D_{i,\tau}$ of each sub-region, the corresponding mean $E_{i,\tau}$ of each sub-region, the global statistical sum $D_{\tau}$ of the k sub-regions and the corresponding mean $E_{\tau}$ of the k sub-regions are calculated from equation (5):

Figure FDA0002273328050000041

wherein W is a pseudo global aggregation value,

Figure FDA0002273328050000042

10. The privacy protection method of the fog-assisted industrial internet of things as claimed in claim 1, wherein: the method also includes fault tolerant processing of the incomplete aggregated ciphertext.

Technical Field

The invention relates to a privacy protection method of a fog-assisted industrial Internet of things, and belongs to the field of computer network security.

Background

With the increasing popularity of the Internet of Things (IoT) in the industrial field, the Industrial Internet of Things (IIoT), an important application of the IoT in industry, is receiving more and more attention from researchers. IIoT covers any device in an interconnected industrial setting, such as embedded sensors, machines and actuators, that can sample, process and apply real-time data in an industrial environment to facilitate the transition from traditional industry to smart industry. Because devices and sensors have limited resources, the traditional IIoT architecture introduces cloud computing: all collected data is sent to the cloud for processing and storage, which reduces the computing and storage cost of local devices. However, with the rapid deployment of IIoT devices, more and more data is frequently sent to the remote cloud, which not only results in significant communication costs but also puts significant processing and storage pressure on the cloud. It is therefore impractical for delay-sensitive IIoT systems to rely solely on the cloud. In this situation, fog computing is introduced into IIoT as an extension of cloud computing; it improves local data processing and storage capacity at the edge of the network and effectively reduces delay and communication cost. For example, a user terminal can migrate computation and storage tasks directly to fog nodes located at the edge of the network, which reduces the processing pressure on the cloud and achieves low delay.

Data aggregation is considered an effective way to reduce communication overhead. For example, a fog node may aggregate the data it receives and then pass the single aggregation result to the cloud, which significantly reduces the amount of data transmitted. While data aggregation can achieve significant performance gains, aggregation performed at untrusted third parties is often subject to privacy and security (confidentiality and integrity) threats. For example, curious entities inside the system (e.g., fog nodes and the cloud) may learn individual data containing private content from the data they receive.

To solve the above problems, some privacy-preserving data aggregation schemes based on fog computing have been developed in recent years. However, existing privacy protection schemes only support the computation of global aggregated results and cannot provide fine-grained data services. For example, the cloud cannot learn the aggregated result for a particular sub-region, which may be useful for some applications.

Disclosure of Invention

The invention provides a privacy protection method of a fog-assisted industrial Internet of things, which can carry out privacy protection on data transmission in the Internet of things and can provide coarse-grained service and fine-grained service at the same time.

To achieve this purpose, the technical scheme adopted by the invention is as follows: a privacy protection method for a fog-assisted industrial Internet of things comprises the following steps: initializing the fog-assisted industrial Internet of things system; encrypting the data acquired by a sensing layer device and transmitting the resulting sensing layer ciphertext $c_{ij,\tau}$ to the fog node corresponding to the sub-region to which the device belongs; after receiving the sensing layer ciphertexts $c_{ij,\tau}$, the fog node aggregates them to obtain a sub-region aggregate ciphertext $C_{i,\tau}$ and transmits $C_{i,\tau}$ to the industrial cloud; after receiving the sub-region aggregate ciphertexts $C_{i,\tau}$, the industrial cloud aggregates them a second time to obtain a global aggregate ciphertext $C_{\tau}$ and decrypts it; from the decrypted global aggregate ciphertext, the statistical sum $D_{i,\tau}$ of each sub-region, the corresponding mean $E_{i,\tau}$ of each sub-region, the global statistical sum $D_{\tau}$ of the k sub-regions and the corresponding mean $E_{\tau}$ of the k sub-regions are obtained.

Further, the sensing layer ciphertext $c_{ij,\tau}$ is calculated from equation (1):

Figure BDA0002273328060000031

wherein N is the homomorphic encryption public key, $m'_{ij,\tau} = m_{ij,\tau} \cdot a_i$, $m_{ij,\tau}$ is the raw sensing data collected by sensing device $IID_{ij}$ at time $t_\tau$, $a_i$ is the coefficient of sub-region $A_i$, $s_{ij}$ is the secret key of sensing device $IID_{ij}$, and $h(t_\tau)$ is the hash value computed with $t_\tau$ as the input to the hash function h,

Figure BDA0002273328060000033

is an integer set of N, 1 ≤ i ≤ k, 1 ≤ j ≤ n, k is the number of sub-regions of the sensing layer, and n is the number of sensing devices accommodated in the sub-region $A_i$ governed by fog node $fog_i$.

Further, the method also comprises, when the sensing layer ciphertext $c_{ij,\tau}$ is obtained, computing the current hash chain value $H_{ij,\tau}$ of the sensing layer ciphertext $c_{ij,\tau}$ and transmitting the hash chain value $H_{ij,\tau}$ to the fog node, the hash chain value $H_{ij,\tau}$ being used by the fog node to verify the integrity of the sensing layer ciphertext $c_{ij,\tau}$.

Further, the integrity verification of the sensing layer ciphertext $c_{ij,\tau}$ by the fog node comprises the steps of: the fog node computes a hash chain value $H'_{ij,\tau}$ for verification based on the sensing layer ciphertext $c_{ij,\tau}$; it then checks whether the equation $H'_{ij,\tau} = H_{ij,\tau}$ holds; if it holds, the sensing layer ciphertext $c_{ij,\tau}$ is complete.

Further, the method also comprises, after the sub-region aggregate ciphertext $C_{i,\tau}$ is obtained, computing the verification code $H_{i,\tau}$ corresponding to the sub-region aggregate ciphertext $C_{i,\tau}$ and transmitting the verification code $H_{i,\tau}$ to the industrial cloud, the verification code $H_{i,\tau}$ being used by the industrial cloud to verify the integrity of the sub-region aggregate ciphertext $C_{i,\tau}$.

Further, the sub-region aggregate ciphertext $C_{i,\tau}$ is calculated from equation (2):

Figure BDA0002273328060000034

wherein $m'_{ij,\tau} = m_{ij,\tau} \cdot a_i$, $m_{ij,\tau}$ is the raw sensing data collected at time $t_\tau$, $a_i$ is the coefficient of sub-region $A_i$, n is the number of sensing devices accommodated in the sub-region $A_i$ governed by fog node $fog_i$, $h(t_\tau)$ is the hash value computed with $t_\tau$ as the input to the hash function h,

Figure BDA0002273328060000041

is the sum of the secret keys of the n sensing devices in sub-region $A_i$, and N is the homomorphic encryption public key.

Further, the global aggregate ciphertext $C_{\tau}$ is calculated from equation (3):

Figure BDA0002273328060000042

wherein

Figure BDA0002273328060000043

is the sum of the $m'_{ij,\tau}$ corresponding to the data of the k × n sensing devices,

Figure BDA0002273328060000044

is the sum of the secret keys $s_{ij}$ of the k × n sensing devices, $m'_{ij,\tau} = m_{ij,\tau} \cdot a_i$, $m_{ij,\tau}$ is the raw sensing data collected by sensing device $IID_{ij}$ at time $t_\tau$, $a_i$ is the coefficient of sub-region $A_i$, N is the homomorphic encryption public key, $h(t_\tau)$ is the hash value computed with $t_\tau$ as the input to the hash function h, 1 ≤ i ≤ k, 1 ≤ j ≤ n, k is the number of sub-regions of the sensing layer, and n is the number of sensing devices accommodated in the sub-region $A_i$ governed by fog node $fog_i$.

Further, decrypting the sub-region aggregate ciphertext $C_{i,\tau}$ includes the steps of: using the industrial cloud key $s_0$ to simplify and decrypt the global aggregate ciphertext $C_{\tau}$ to obtain a pseudo-global aggregate value W, wherein the pseudo-global aggregate value W is calculated according to formula (7):

Figure BDA0002273328060000045

wherein $a_i$ is the coefficient of sub-region $A_i$, $m_{ij,\tau}$ is the raw sensing data collected by sensing device $IID_{ij}$ at time $t_\tau$, 1 ≤ i ≤ k, 1 ≤ j ≤ n, k is the number of sub-regions of the sensing layer, and n is the number of sensing devices accommodated in the sub-region $A_i$ governed by fog node $fog_i$.

Further, the statistical sum $D_{i,\tau}$ of each sub-region, the corresponding mean $E_{i,\tau}$ of each sub-region, the global statistical sum $D_{\tau}$ of the k sub-regions and the corresponding mean $E_{\tau}$ of the k sub-regions are calculated from equation (8):

wherein W is a pseudo global aggregation value,

Figure BDA0002273328060000052

l is the system security parameter, the k values $p_i$ are relatively prime positive integers, k is the number of sub-regions of the sensing layer, and n is the number of sensing devices accommodated in the sub-region $A_i$ governed by fog node $fog_i$.

Further, the method further comprises fault-tolerant processing of the incomplete aggregated ciphertext.

In the invention, data aggregation is carried out at the fog nodes, so the amount of data transmitted is significantly reduced; homomorphic encryption effectively protects data privacy and confidentiality, and a hash chain mechanism ensures the integrity of the data. Hierarchical aggregation lets the cloud obtain the aggregation result of each sub-region and of the whole region, so it can provide both coarse-grained and fine-grained data services. Because of the fault-tolerant processing, when a sensing device or a transmission channel fails, the cloud can still decrypt an incomplete aggregate ciphertext and obtain a correct aggregation result, which improves the security of the system and makes the method better suited to practical application scenarios.

Drawings

Fig. 1 is a schematic flow chart of a privacy protection method for a fog-assisted industrial internet of things according to an embodiment of the present invention;

FIG. 2 compares the computational overhead of the present invention with that of the SEDA aggregation scheme and the LPDA-EC aggregation method;

FIG. 3 compares the data transmission amount of the present invention with that of the SEDA aggregation scheme and the LPDA-EC aggregation method.

Detailed Description

For a better understanding of the nature of the invention, its description is further set forth below in connection with the specific embodiments and the drawings.

The system model of the invention is divided into three layers (sensing layer, fog layer and cloud layer) and mainly includes five entities: sensing devices $IID_{ij}$, fog nodes, the Industrial Cloud (IC), the Trusted Management Authority (TMA), and users. The sensing layer is divided into a plurality of sub-regions according to geographic position, and each sub-region contains industrial Internet of things sensing devices $IID_{ij}$ with sensing, processing and communication functions, which are responsible for collecting data in real time and periodically forwarding encrypted data to the industrial cloud through the fog node. The specific steps of the invention are shown in figure 1:

Step 1, initializing the fog-assisted industrial Internet of things system:

1) Computing the coefficient $a_i$ of each sub-region. The fog-assisted industrial Internet of things system initializes the security parameters (μ = 512 bits, l = 50 bits), and the trusted management authority then randomly selects two large prime numbers $Q_1$ and $Q_2$ with $|Q_1| = |Q_2| = \mu$. At the same time, the homomorphic encryption public key N and private key g are computed ($N = Q_1 Q_2$, $g = 1 + N$), with |N| = 1024 bits and $|N^2|$ = 2048 bits. Suppose the sensing layer has k sub-regions and each sub-region $A_i$ contains n (n = 200, 400, 600, 800, 1000) sensing devices. TMA selects k relatively prime positive integers $p_1, p_2, \ldots, p_k$ with $|p_i| = l$, 1 ≤ i ≤ k, where l is the system security parameter, and computes the coefficient $a_i$ of each sub-region $A_i$ as follows:

Figure BDA0002273328060000061

2) Computing the secret key $s_{ij}$ of sensing device $IID_{ij}$. TMA uses a pseudo-random number generator to generate k × n uncorrelated random numbers $s_{11}, \ldots, s_{1n}, \ldots, s_{k1}, \ldots, s_{kn}$, which are distributed to the corresponding sensing devices as their secret keys.

3) Computing the secret key $s_0$ of the IC and sending it to the IC:

Figure BDA0002273328060000071

wherein is the sum of the secret keys of the k × n sensing devices, and

Figure BDA0002273328060000073

is congruent to 0 modulo λ.

4) TMA generates another set of pseudo-random numbers $I_{11}, \ldots, I_{1n}, \ldots, I_{k1}, \ldots, I_{kn}$ to construct a set of hash chain heads $H_{00}, \ldots, H_{0n}, \ldots, H_{k0}, \ldots, H_{kn}$, attaches the TMA signature σ to each hash chain head, and sends them to the corresponding IIoT sensing devices and fog nodes.

TMA selects a cyclic group G with |G| = 160 bits and two secure cryptographic hash functions H and h, where

Figure BDA0002273328060000074

Figure BDA0002273328060000075

Is an integer set of integers with N.

5) Computing the shared secret key $k_i$ between fog node $fog_i$ and the IC. TMA selects a 160-bit random number $k_i$ as the shared key between fog node $fog_i$ and the IC.

Step 2, encrypting the data acquired by the sensing layer device to obtain the sensing layer ciphertext $c_{ij,\tau}$, computing the current hash chain value $H_{ij,\tau}$ of the sensing layer ciphertext $c_{ij,\tau}$, and transmitting the sensing layer ciphertext $c_{ij,\tau}$ and the hash chain value $H_{ij,\tau}$ to the fog node corresponding to the sub-region to which the sensing layer device belongs.

The sensing devices continuously collect real-time sensing data and periodically send the collected data to the IC through the fog node. Suppose there are k sub-regions $A_i$ in the sensing layer satisfying the condition

Figure BDA0002273328060000076

1 ≤ i ≤ k, 1 ≤ r ≤ k, and i ≠ r. Each sub-region $A_i$ is governed by an adjacent fog node $fog_i$, and each sub-region $A_i$ accommodates n sensing devices $IID_{ij}$. Let the reporting periods of the sensing devices be $\Gamma = \{t_1, t_2, \ldots, t_{MAX}\}$; the raw sensing data collected by sensing device $IID_{ij}$ at time $t_\tau \in \Gamma$ is denoted $m_{ij,\tau} \in Z_N$, where $Z_N$ is the set of integers from 0 to N−1, 1 ≤ i ≤ k, and 1 ≤ j ≤ n.

1) At time $t_\tau$, $IID_{ij}$ first computes the hash value with $t_\tau$ as the input to the hash function h, then uses its private key $s_{ij}$ to compute a real-time value

Figure BDA0002273328060000082

Then, according to the known region coefficient $a_i$ and the homomorphic encryption algorithm, $IID_{ij}$ can obtain the sensing layer ciphertext $c_{ij,\tau}$

Figure BDA0002273328060000083

where $m'_{ij,\tau} = m_{ij,\tau} \cdot a_i$.

2) Computing the current hash chain value $H_{ij,\tau}$ of the sensing layer ciphertext $c_{ij,\tau}$

Figure BDA0002273328060000084

where $H(c_{ij,\tau})$ is the hash value computed with $c_{ij,\tau}$ as the input to the hash function H, and $H_{ij,\tau-1}$ is the hash chain value at the previous time $t_{\tau-1}$.

3) Forming a sensing layer report $(c_{ij,\tau}, H_{ij,\tau})$ and sending the sensing layer report $(c_{ij,\tau}, H_{ij,\tau})$ to the upper-layer fog node $fog_i$.

Step 3, after receiving the sensing layer ciphertexts $c_{ij,\tau}$, fog node $fog_i$ verifies their integrity and aggregates the complete sensing layer ciphertexts $c_{ij,\tau}$ to obtain the sub-region aggregate ciphertext $C_{i,\tau}$. It computes the verification code $H_{i,\tau}$ corresponding to the sub-region aggregate ciphertext $C_{i,\tau}$ and transmits the sub-region aggregate ciphertext $C_{i,\tau}$ and the verification code $H_{i,\tau}$ to the industrial cloud.

1) When fog node $fog_i$ receives, in time slot $t_\tau$, the sensing reports $(c_{ij,\tau}, H_{ij,\tau})$ sent by all sensing devices in the sub-region $A_i$ it governs, it first checks the hash chain value $H_{ij,\tau}$ in each report, verifying the correctness of the received data in turn. The specific process is as follows: based on the sensing layer ciphertext $c_{ij,\tau}$, $fog_i$ computes the hash chain value for verification

Figure BDA0002273328060000085

and checks whether the equation $H'_{ij,\tau} = H_{ij,\tau}$ holds. If it holds, verification passes; $fog_i$ accepts the sensing layer ciphertext $c_{ij,\tau}$ and stores $H_{ij,\tau}$ for the next integrity verification.

2) When n verified sensing layer ciphertexts $c_{ij,\tau}$, 1 ≤ j ≤ n, have been obtained, $fog_i$ uses the additive homomorphism of the homomorphic encryption ciphertexts to aggregate, without decryption, the n verified sensing layer ciphertexts $c_{ij,\tau}$ of the sub-region $A_i$ it governs, obtaining the sub-region aggregate ciphertext $C_{i,\tau}$

Figure BDA0002273328060000091

where

Figure BDA0002273328060000092

is the sum of the secret keys of the n sensing devices in sub-region $A_i$.

3) To ensure the integrity of the aggregate ciphertext $C_{i,\tau}$ of sub-region $A_i$, $fog_i$ uses the key $k_i$ shared with the industrial cloud to compute the verification code $H_{i,\tau} = H(C_{i,\tau} \| k_i)$, which provides verification evidence for the IC, forms a fog node report $(C_{i,\tau}, H_{i,\tau})$, and transmits it from fog node $fog_i$ to the IC, where $H(C_{i,\tau} \| k_i)$ is the hash value computed with the concatenation of $C_{i,\tau}$ and $k_i$ as the input to the hash function H.

Step 4, after receiving the sub-region aggregate ciphertexts $C_{i,\tau}$, the industrial cloud verifies the integrity of the aggregate ciphertexts $C_{i,\tau}$ of all sub-regions in turn, then aggregates and decrypts the verified sub-region aggregate ciphertexts $C_{i,\tau}$.

1) The industrial cloud receives the fog node reports $(C_{i,\tau}, H_{i,\tau})$, 1 ≤ i ≤ k, of the k fog nodes and then verifies the integrity of all sub-region aggregate ciphertexts $C_{i,\tau}$ in turn. The specific process is as follows: based on the previous hash chain value $H_{i,\tau-1}$, the industrial cloud computes $H'_{i,\tau}$ and checks whether the equation $H'_{i,\tau} = H_{i,\tau}$ holds, where $H(C_{i,\tau})$ is the hash value computed with $C_{i,\tau}$ as the input to the hash function H. If the equation holds, verification passes and the industrial cloud accepts $C_{i,\tau}$.

2) The ciphertexts of all sub-regions are aggregated to form the global aggregate ciphertext $C_{\tau}$

Figure BDA0002273328060000094

where

Figure BDA0002273328060000095

is the sum of the $m'_{ij,\tau}$ corresponding to the data of the k × n sensing devices, and

Figure BDA0002273328060000096

is the sum of the secret keys $s_{ij}$ of the k × n sensing devices.

3) Using the industrial cloud's private key $s_0$, the term containing $h(t_\tau)$ is eliminated from the expression for $C_{\tau}$, which simplifies to a value B:

Figure BDA0002273328060000101

4) From the value B, the industrial cloud can decrypt to obtain the pseudo-global aggregate value W:

Figure BDA0002273328060000102

5) Based on the known system parameters $p_i$, the industrial cloud can obtain the statistical sum $D_{i,\tau}$ of each sub-region, the corresponding mean $E_{i,\tau}$ of each sub-region, the global statistical sum $D_{\tau}$ of the k sub-regions and the corresponding mean $E_{\tau}$ of the k sub-regions

Figure BDA0002273328060000103

Step 5, fault tolerance.

If some devices in a sub-region fail at some time, the fog node cannot receive their reports, so the fog node and the cloud obtain incomplete aggregate results. Since the cloud has only one key $s_0$ and receives an incomplete aggregate ciphertext, the decryption process cannot be executed successfully, and the cloud cannot correctly decrypt the aggregate ciphertext.

Let

Figure BDA0002273328060000104

denote the set of failed devices in sub-region $A_i$, and let $C'_{\tau}$ denote the incomplete aggregate result received by $fog_i$ at time $t_\tau$. To obtain the information $h'(t_\tau)$ related to the devices in the failure set $A'_i$, $fog_i$ sends a loss report $(A'_i, t_\tau)$ to TMA. Since TMA manages the keys of all devices, after receiving the report $(A'_i, t_\tau)$ it can compute $h'(t_\tau)$ from the private keys of the devices in $A'_i$:

Figure BDA0002273328060000111

where

Figure BDA0002273328060000112

is the sum of the private keys of the failed devices contained in $A'_i$.

TMA then returns $h'(t_\tau)$ to $fog_i$. After receiving $h'(t_\tau)$, $fog_i$ combines it with $C'_{\tau}$ to obtain the decryptable ciphertext $C''_{\tau}$

where

Figure BDA0002273328060000114

is the sum of the $m'_{iu,\tau}$ in sub-region $A_i$ with the failed devices contained in $A'_i$ removed.

Then, through the same decryption process, the cloud can still decrypt the incomplete aggregate ciphertext and obtain the aggregate statistics.
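The following toy Python run of steps 1 to 5 is an added example, not code from the patent: it covers key setup, device encryption, fog and cloud aggregation, decryption to W, recovery of each sub-region sum from the $p_i$, and the fault-tolerance repair. The equation images are missing from this page, so the ciphertext form g^(m')·h(t)^(N·s_ij) mod N², the Chinese-remainder construction of $a_i$, the use of SHA-256 for h, the small primes and all function names are assumptions of this example.

```python
import hashlib
import secrets
from math import gcd, prod

# Toy parameters (constructed, NOT secure); the page uses |N| = 1024 bits.
Q1, Q2 = 2**31 - 1, 2**61 - 1            # two Mersenne primes
N = Q1 * Q2                               # public key N = Q1 * Q2
N2 = N * N
G = 1 + N                                 # g = 1 + N, as on the page
LAM = (Q1 - 1) * (Q2 - 1) // gcd(Q1 - 1, Q2 - 1)   # lambda = lcm(Q1-1, Q2-1)

P_I = [10007, 10009, 10037]               # pairwise coprime p_1..p_k
K, N_DEV = len(P_I), 4                    # k sub-regions, n devices in each


def region_coefficients(p):
    """Assumed CRT form: a_i = 1 (mod p_i) and a_i = 0 (mod p_r) for r != i."""
    big_p = prod(p)
    return [(big_p // pi) * pow(big_p // pi, -1, pi) for pi in p]


A_I = region_coefficients(P_I)


def tma_keys():
    """Device keys s_ij and cloud key s_0 with s_0 + sum(s_ij) = 0 (mod lambda)."""
    s = [[secrets.randbelow(LAM) for _ in range(N_DEV)] for _ in range(K)]
    return s, -sum(map(sum, s)) % LAM


def h(t):
    """Hash a time slot into Z*_{N^2}; SHA-256 is this example's choice."""
    ctr = 0
    while True:
        digest = hashlib.sha256(f"{t}|{ctr}".encode()).digest()
        v = int.from_bytes(digest, "big") % N2
        if v > 1 and gcd(v, N) == 1:
            return v
        ctr += 1


def blind(t, key):
    """Key-dependent blinding factor h(t)^(N * key) mod N^2 (assumed form)."""
    return pow(h(t), N * key, N2)


def encrypt(i, m, key, t):
    """Device: c_ij = g^(m * a_i) * h(t)^(N * s_ij) mod N^2."""
    return pow(G, m * A_I[i], N2) * blind(t, key) % N2


def aggregate(ciphertexts):
    """Fog and cloud: multiplying ciphertexts adds the hidden plaintexts."""
    return prod(ciphertexts) % N2


def cloud_decrypt(c_global, s0, t):
    """Cancel the h(t) term with s_0, then read W from B = g^W = 1 + W*N."""
    b = c_global * blind(t, s0) % N2
    if b % N != 1:
        raise ValueError("h(t) term did not cancel: incomplete aggregate")
    w = (b - 1) // N                       # pseudo-global aggregate W
    sums = [w % p for p in P_I]            # D_i = W mod p_i
    return sums, sum(sums)                 # per-region sums, global sum


def run_round(readings, failed=(), repair=True, t="t1"):
    """One reporting period; `failed` holds (i, j) devices that sent nothing."""
    keys, s0 = tma_keys()
    region_cts = []
    for i in range(K):
        c_i = aggregate(encrypt(i, readings[i][j], keys[i][j], t)
                        for j in range(N_DEV) if (i, j) not in failed)
        if repair:
            # Fault tolerance: the TMA supplies h'(t) built from the failed keys.
            lost = sum(keys[i][j] for j in range(N_DEV) if (i, j) in failed)
            c_i = c_i * blind(t, lost) % N2
        region_cts.append(c_i)
    return cloud_decrypt(aggregate(region_cts), s0, t)


READINGS = [[21, 22, 20, 23], [30, 31, 29, 30], [5, 6, 7, 6]]   # constructed

if __name__ == "__main__":
    sums, total = run_round(READINGS)
    print("per-region sums:", sums, "global sum:", total)
    print("means:", [d / N_DEV for d in sums], total / (K * N_DEV))
    print("device (1, 2) down:", run_round(READINGS, failed={(1, 2)}))
```

Without the repair factor, a missing report leaves a residual h(t) power in B, which `cloud_decrypt` detects because B mod N is no longer 1. Recovery of each $D_{i,\tau}$ is only correct while the sub-region sum stays below $p_i$ and W stays below N.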

To address the problem that current industrial Internet of things data aggregation schemes sacrifice a large amount of computation and bandwidth resources to achieve secure and efficient data collection and application, the invention uses homomorphic Paillier encryption and a lightweight hash chain mechanism to provide effective protection for data privacy, confidentiality and integrity. In particular, the data privacy of individual devices is also protected at the semi-trusted fog nodes and cloud. Meanwhile, by performing local data aggregation at the fog node, the amount of data transmitted is significantly reduced. In addition, hierarchical aggregation enables the cloud to provide fine-grained and coarse-grained data services by obtaining the aggregation results of the sub-regions and of the whole region. Fault tolerance is also supported in the cloud's decryption process: even if some sensing devices or channel links fail, the cloud can still decrypt the incomplete aggregate ciphertext and obtain a correct aggregation result. A comparative analysis of the present method with existing methods shows that the present method has lower computational and communication costs, as shown in fig. 2 and 3.

FIG. 2 compares the computational overhead of the present invention with that of two other aggregation schemes, SEDA and LPDA-EC. Compared with the other two methods, the computation time of the present method is significantly shorter, and the advantage of low computational cost becomes more prominent as more and more sensing devices are added.

In addition, fig. 3 shows that, compared with the SEDA and LPDA-EC aggregation methods, the present invention achieves the smallest data transmission amount and effectively reduces communication overhead and bandwidth consumption in the industrial Internet of things.

It should be noted that while the invention has been described in terms of the above-mentioned embodiments, there are many other embodiments of the invention. It will be apparent to those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention, and it is intended that all such changes and modifications be covered by the appended claims and their equivalents.
